JP7482003B2 - Information processing system, information processing method and computer - Google Patents

Description

The present invention relates to a computer system that issues instructions to individuals without transferring personal information across borders between multiple locations.

In recent years, with the spread of IoT (Internet of Things), services have been developed that collect operational data from various devices and equipment at a centralized location and perform maintenance on those devices and equipment. Maintenance services using IoT are sometimes provided worldwide, and the centralized location that monitors the devices and equipment may be in a different country or region from the country or region in which the devices and equipment to be maintained are operated. Furthermore, maintenance services may be provided not only by the same company or organization, but also by multiple companies or organizations working together.

Meanwhile, in borderless cyberspaces such as the Internet, various countries and regions have enacted laws in recent years to restrict the cross-border transfer of personal information, etc. (for example, the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) in the U.S. state of California, and the Cybersecurity Law and Cyber-Digital Survey and Map Law in China).

Many of these restrictions limit the transfer of personal information. Furthermore, regulations such as the GDPR require companies to clarify and explain the intended use of personal information to individuals, and to respond to requests to update or delete personal information. Furthermore, in China, only companies authorized in China are permitted to handle location information such as GPS information.

In order to provide the above-mentioned IoT-based maintenance services quickly and efficiently, it is desirable to send instructions directly from a centralized location that monitors the equipment and devices to the maintenance staff at the local service center that provides the maintenance services.

However, if the local country where the maintenance service is carried out restricts the cross-border transfer of personal information, the centralized location cannot obtain personal information such as the contact details of the local maintenance staff, making it difficult to give instructions directly. In addition, if the company operating the centralized location is different from the company of the maintenance staff, and maintenance work data such as who installed the product contains personal information, it will be difficult to obtain this information from the local database.

Patent Document 1 is known as a technology for notifying individuals in an environment where the distribution of personal information is restricted. In Patent Document 1, organization A holds personal information and generates an anonymization number key for each piece of personal information. Organization A passes the anonymization number key to a central institution, and both organizations obtain the anonymization number key. It discloses that when the central institution needs to search for a relevant individual in an emergency, for example, it has organization A search for the personal information using the anonymization number key and notify the search results.

JP 2009-237975 A

In the above conventional example, organization A needs to provide an anonymization key for each piece of personal information to the central institution in advance. When applying Patent Document 1 to maintenance services provided worldwide using IoT as described above, an anonymization key needs to be generated for each maintenance staff member, and the central institution needs to store and manage a huge amount of anonymized information, which creates problems in securing data storage capacity and maintaining reliable operation.

In particular, when the central location that monitors IoT information and the local location that performs maintenance work are operated by different companies or organizations, it can be difficult to generate anonymization number keys for every maintenance staff member at the local location and distribute them to the central location.

The present invention was made in consideration of the above problems, and aims to enable the centralized location to send alerts and instructions to individuals at local locations where maintenance work is carried out, without the need to transfer personal information of the local locations across borders.

The present invention is an information processing system having a first computer operating at a first base, a second computer operating at a second base, and a client terminal connected to the first computer, in which the first computer holds personal management information including a user identifier and contact information as personal information of a user using the client terminal, acquires operation information of the client terminal, generates personal time series information by adding the personal information and time of the user to the operation information, performs a predetermined concealment on the personal information of the personal time series information to generate processed time series information, and transmits the processed time series information to the second computer, the second computer receives the processed time series information from the first computer, generates search range information from search conditions for the processed time series information to identify the user at the first base and a message to be transmitted to the user at the first base, and transmits the search range information to the first computer, and when the first computer receives the search range information from the second computer, it searches for personal time series information including the personal information using the search conditions of the search range information to identify the user.

Therefore, the present invention makes it possible for the first computer at the local base to identify the user (individual) who provided personal information using search criteria received from the aggregation base and transmit messages or instructions to the user (individual) without the first base (local base) transferring personal information across borders to the second base (aggregation base).

Details of at least one implementation of the subject matter disclosed herein are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the disclosed subject matter will become apparent from the following disclosure, drawings, and claims.

FIG. 1 is a block diagram showing an overview of a maintenance service system according to a first embodiment of the present invention. FIG. 1 is a block diagram illustrating an example of a configuration of a maintenance service system according to a first embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a configuration of a Web server at a local base according to the first embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a configuration of a data link server at a local base according to the first embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a configuration of a target individual identification server at a local base according to the first embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a configuration of a database server at a local base according to the first embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a configuration of a data aggregation server at an aggregation site according to the first embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a configuration of a target range designation server of an aggregation base according to the first embodiment of the present invention. FIG. 2 is a block diagram illustrating an example of a configuration of a database server at an aggregation site according to the first embodiment of the present invention. FIG. 11 is a sequence diagram illustrating an example of data linkage processing performed in the maintenance service system according to the first embodiment of the present invention. FIG. 11 is a sequence diagram illustrating an example of an individual identification request process performed in the maintenance service system according to the first embodiment of the present invention. 10 is a flowchart illustrating an example of data linking processing performed at a local base according to the first embodiment of the present invention. 11 is a flowchart illustrating an example of a target individual identification process performed at a local base according to the first embodiment of the present invention. 11 is a flowchart illustrating an example of a target range designation process performed at an aggregation site according to the first embodiment of the present invention. FIG. 11 illustrates an example of time-series data including personal information of a local base according to the first embodiment of the present invention. FIG. 2 illustrates an example of time-series data of a device at a local base according to the first embodiment of the present invention. FIG. 13 illustrates an example of processed time-series data of a local base according to the first embodiment of the present invention. FIG. 11 illustrates an example of search range data for aggregation bases according to the first embodiment of the present invention. FIG. 11 illustrates an example of a personal information management table for a local base according to the first embodiment of the present invention. FIG. 11 illustrates an example of a management screen of a local base according to the first embodiment of the present invention. FIG. 11 is a block diagram showing an outline of a maintenance service system according to a second embodiment of the present invention. FIG. 11 is a block diagram illustrating an overview of a notification service system according to a third embodiment of the present invention.

The following describes an embodiment of the present invention with reference to the attached drawings.

Figure 1 shows a first embodiment of the present invention, and is a block diagram illustrating an overview of a maintenance service system (or an information processing system). The maintenance service system includes local bases A (102-A) to C (102-C) that perform maintenance on equipment 111 in different countries or regions, and a centralized base 103 that collects information from each base and issues messages such as alerts and notifications regarding the maintenance of equipment 111.

When local bases A (102-A) to C (102-C) are not to be individually identified, the symbol "102" is used with the "-" and everything after it omitted. The same applies to the symbols for the other components. Also, an example is shown in which cross-border transfer of personal information is prohibited between each local base 102 and the aggregation base 103.

Each local base 102 has a maintenance worker who performs maintenance on the equipment 111. The maintenance worker uses a client terminal 101 to register personal information and report maintenance work (work information) to the local base 102 to which the worker belongs. The local base 102 is an information processing system or computer system in which one or more computers are running.

The personal information of the maintenance workers is stored in the personal information management database 611 of the local base A (102-A). The configurations of the local base B (102-B) and the local base C (102-C) are similar to that of the local base A (102-A), so the following explanation will focus on the local base A (102-A).

Maintenance workers use the application on the client terminal 101 to report on maintenance work and other tasks (work information). The local base 102 collects the work information from the client terminal 101 and registers it in a time-series database (DB in the figure, the same below) 612 that contains personal information.

As described below, the time series database 612 containing personal information contains personal information such as the identifier of the maintenance worker, and the identifier of the device 111 on which the maintenance work was performed. At the local base 102, the data linkage program 401 generates processed time series data by processing the personal information from the time series database 612 containing personal information at a predetermined timing, and transmits the processed time series data to the aggregation base 103.

The data linking program 401 processes personal information using a processing algorithm that complies with the restrictions of the laws and regulations of the local base 102, such as filtering and concealing (anonymizing) the personal information. The local base 102 transmits the processed time series data at a time that is preset in the maintenance service system, such as an acquisition request from the aggregation base 103 or a specified cycle.

The aggregation site 103 stores the processed time series data received from each local site 102 in the processed time series database 902, and also stores the operation information of the equipment 111 collected from each local site 102 in the other data database 904.

At the aggregation site 103, the data analysis program 2230 monitors the operation information in the other data database 904, and when it detects an abnormality, a sign of an abnormality, or a time to replace a part, it notifies the output device of the equipment 111 that requires maintenance.

The administrator at the central location 103 uses the target range designation program 801 to generate search range data and request each local location 102 to identify the maintenance worker and notify the maintenance details, in order to notify the client terminal 101 of the maintenance worker in charge of the equipment 111 requiring maintenance of messages such as alerts and maintenance details.

Since the processed time-series database 902 of the local base 102 does not contain personal information (or is concealed), the aggregation base 103 can identify the equipment 111 to be maintained, but cannot identify the maintenance worker in charge. Therefore, the target range designation program 801 generates search range data with the identifier of the equipment 111 and the date and period when the work was performed as search conditions, and with a message to notify the maintenance worker added to the search conditions. The target range designation program 801 requests the local base 102 to identify the individual maintenance worker and notify the maintenance content.

At the local base 102 that receives the search range data, the target individual identification program 501 searches the time series database 612 containing personal information based on the search range data to identify the maintenance worker, obtains the contact information registered in the personal information management database 611, and transmits the maintenance details to the client terminal 101.

As described above, in the maintenance service system of this embodiment, time-series work information in which personal information has been filtered or concealed is generated as processed time-series data from the local base 102 and transmitted to the aggregation base 103, thereby avoiding restrictions on the cross-border transfer of personal information.

Then, the central location 103 generates search range data specifying search conditions related to individuals, such as the identifier of the equipment 111 to be maintained, and the maintenance content (message), and requests the local location 102 to identify and notify the maintenance worker. Note that the search conditions for identifying the maintenance worker at the local location 102 are not limited to the identifier of the equipment 111, and may be identified by the date and time the work was performed, the work content, the number of the replaced part, etc.

Although the centralized location 103 cannot access personal information, the local location 102's target individual identification program 501 can search the time series database 612 containing personal information to identify the maintenance worker responsible for maintaining the identifier of the device 111, thereby making it possible to provide rapid maintenance services between the local location 102 and the centralized location 103 belonging to different countries or regions without the need to transfer personal information across borders.

<System Configuration>
2 is a block diagram showing an example of the configuration of a maintenance service system. In the illustrated example, the aggregation base 103, a local base A (102-A), and a local base B (102-B) are connected by an inter-base network 206, and each local base 102 is connected to the client terminal 101 and the device 111 by a network 204. The network 204 is configured by the Internet, a wireless (or wired) network, or the like.

Below, local base A (102-A) and local base B (102-B) have the same configuration, so only local base A (102-A) will be described. The local base 102 includes a web server 211, a database server 212, a data linking server 213, and a target individual identification server 214.

The web server 211 accepts personal information of maintenance workers from the client terminal 101 and registers it in the database server 212. The web server 211 also accepts work information from the client terminal 101 and registers it in the database server 212. The web server 211 also accepts operation information from the equipment 111 and registers it in the database server 212. The equipment 111 is a machine or device that includes a sensor and a communication device (not shown).

An application 203 is running on the client terminal 101, which adds an ID that identifies the maintenance worker and a time stamp to the work information entered by the maintenance worker and sends it to the local base 102. The local base 102 to which the maintenance worker belongs stores the received work information in a database server 212 as time-series data including personal information. Note that the ID that identifies the maintenance worker and the time stamp may be added by the web server 211 of the local base 102, etc.

The database server 212 stores personal information of maintenance workers, time series data including personal information, time series data of the equipment 111, etc. The data linking server 213 applies a predetermined processing to the personal information from the time series data including personal information to generate processed time series data and transmits the processed time series data to the aggregation center 103.

The data linking server 213 also transmits operation information of the device 111 to the aggregation center 103. The timing at which the data linking server 213 transmits the operation information is determined by pre-set conditions such as a predetermined cycle or a request from the aggregation center 103.

Based on the search range data received from the aggregation center 103, the target individual identification server 214 searches the time series database 612 containing personal information to identify the maintenance worker, and notifies the client terminal 101 of the maintenance content included in the search range data.

Although the above shows an example in which each function is operated on an independent server, each function of the above server may be realized by a single computer. In this case, the computer may include a reception unit that receives personal information, work information, and operation information and registers them in a database, a data management unit that manages the data registered from the reception unit, a data linking unit that processes personal information from work information (time series data including personal information) to generate processed time series data, and a target individual identification unit that receives search range data from the aggregation center 103, searches the time series data including personal information, identifies a maintenance worker, and notifies him of the maintenance details.

The aggregation center 103 includes a data aggregation server 221, a database server 222, an analysis server 223, and a target range designation server 224.

The data aggregation server 221 accepts the processed time series data and the time series data of the device 111 and stores them in the database server 222. The database server 222 manages the processed time series data and the time series data of the device 111.

The analysis server 223 analyzes the time series data of the devices 111, identifies the identifiers of the devices 111 that require maintenance, and the maintenance contents, and outputs them. Note that the maintenance contents may be specified by a person in charge at the aggregation site 103, etc.

The target individual identification server 214 generates search range data by adding search conditions such as the search period to the identifier and maintenance content (or message) of the identified device 111, and transmits it to the local base 102. Note that if the local base 102 to which the device 111 with the identified identifier belongs is unknown, the target individual identification server 214 may broadcast the search range data to each local base 102.

In the above, an example was given in which each function was operated on an independent server, but each function of the server may be realized by a single computer. In this case, the computer may include a reception unit that receives the processed time series data and the time series data of the equipment 111 and registers them in a database, a data management unit that manages the data registered from the reception unit, an analysis unit that identifies the identifiers of the equipment 111 requiring maintenance and the maintenance contents from the time series data of the equipment 111, and a target range designation unit that generates search range data including search conditions such as the identifiers of the equipment 111 and the maintenance contents and transmits the search range data to the local base 102.

<Web Server>
The configuration of each server will be described below. Fig. 3 is a block diagram showing an example of the configuration of the Web server 211 of the local base 102. The Web server 211 is a computer including a processor 304, a memory 305, a storage device 302, an input/output device 306, and a communication interface 303.

The storage device 302 is composed of a non-volatile storage medium, and stores a user information registration reception program 311, a user information collection program 312, and a database access program 313. Each program is loaded into the memory 305 and then executed by the processor 304.

The user information registration reception program 311 accepts the personal information of the maintenance worker from the client terminal 101 of the maintenance worker and registers it in the database server 212. The user information collection program 312 accepts the work information entered by the maintenance worker from the application 203 of the client terminal 101 and stores it in the database server 212 as time-series data including the personal information.

The user information collection program 312 also receives operation information from the device 111 and stores it in the database server 212 as time series data of the device 111. The database access program 313 receives access from the user information registration reception program 311 and the user information collection program 312 and executes access to the database server 212.

The input/output device 306 is composed of input devices such as a mouse, keyboard, or touch panel, and output devices such as a display and speaker. The communication interface 303 is connected to the network 204 (or the inter-base network 206) to carry out communication.

<Data linking server>
4 is a block diagram showing an example of the configuration of the data linking server 213 of the local base 102. The data linking server 213 is a computer including a processor 405, a memory 406, a storage device 403, an input/output device 407, and a communication interface 404.

The storage device 403 is composed of a non-volatile storage medium and stores the data linkage program 401, the database access program 402, and the setting file 420. The data linkage program 401 and the database access program 402 are loaded into the memory 406 and then executed by the processor 405.

The data linkage program 401 includes a time series data collection function 411, a filtering or anonymization processing application function 412, a personal information inclusion determination function 413, a processed time series data transmission authorization function 414, and a processed time series data transmission function 415.

The processor 405 operates as a functional unit that provides a specific function by executing processing according to the program of each functional unit. For example, the processor 405 realizes a time series data collection function 411 by executing processing according to a time series data collection program included in the data linkage program 401. The same applies to the other programs. Furthermore, the processor 405 also operates as a functional unit that provides each function of the multiple processes executed by each program. A computer and a computer system are devices and systems that include these functional units.

The data linkage program 401 performs processing using various information previously set in the configuration file 420.

The time-series data collection function 411 reads time-series data including personal information set in the acquisition target table 421 of the configuration file 420. The filtering or anonymization processing application function 412 uses the target algorithm 422 of the configuration file 420 to filter or anonymize the personal information in the time-series data including personal information. The target algorithm 422 can be set as appropriate to an algorithm that complies with the restrictions of the laws and regulations of the country or region to which the local base 102 belongs. In addition, the target algorithm 422 can be changed as appropriate in response to revisions to laws and regulations.

The personal information inclusion determination function 413 uses the determination logic 423 of the configuration file 420 to determine whether personal information is included in the processed time series data that has been filtered or concealed. The determination logic 423 can be changed as appropriate in response to changes in the time series data that includes personal information.

When the format or data type of the processed time series data generated by the data linkage program 401 is a data type that has not been transmitted before and is a first-time data type, the processed time series data transmission authorization function 414 inquires of the data handler specified in the confirmation responder notification destination 424 of the configuration file 420 whether or not the processed time series data can be transmitted. The processed time series data transmission authorization function 414 detects data types that are not registered in the transmitted data type database 616 (described later) as first-time data types.

The processed time series data transmission function 415 transmits the processed time series data that has been permitted to be transmitted by the data handler to the aggregation center 103.

When the database access program 402 receives a database access request from the data linkage program 401, it accesses the database server 212.

The input/output device 407 is composed of input devices such as a mouse, keyboard, or touch panel, and output devices such as a display and speaker. The communication interface 404 is connected to the network 204 (or the inter-base network 206) to carry out communication.

<Target individual identification server>
5 is a block diagram showing an example of the configuration of the target individual identification server 214 of the local base 102. The target individual identification server 214 is a computer including a processor 504, a memory 505, a storage device 502, an input/output device 506, and a communication interface 503.

The storage device 502 is composed of a non-volatile storage medium and stores the target individual identification program 501, the database access program 507, and the setting file 520. The target individual identification program 501 and the database access program 507 are loaded into the memory 505 and then executed by the processor 504.

The target individual identification program 501 includes a target range designation information receiving function 511, a target range relevant personal information search function 512, a target individual report output function 513, and a responsible person notification function 514.

The processor 504 operates as a functional unit that provides a specified function by executing processing according to the program of each functional unit. For example, the processor 504 realizes the target range relevant personal information search function 512 by executing processing according to the target range relevant personal information search program included in the target individual identification program 501. The same applies to the other programs. Furthermore, the processor 504 also operates as a functional unit that provides each of the functions of the multiple processes executed by each program. The computer and computer system are devices and systems that include these functional units.

The target individual identification program 501 performs processing using various information previously set in the configuration file 520. The various information includes information on the database to be searched and detailed conditions for the search.

The target range designation information receiving function 511 accepts the search range data received from the aggregation point 103 and passes it to the target range relevant personal information search function 512. The target range relevant personal information search function 512 searches for data that corresponds to the search range data from a time series database that includes personal information specified in the search destination database (and search detail conditions) 521 of the configuration file 520.

When the target range relevant personal information search function 512 obtains search results included in the search range data in a time series database that contains personal information, it obtains the personal information and obtains the contact information of the relevant maintenance worker from the personal information management database.

The target individual report output function 513 generates and outputs a notification, alert, or report for the maintenance worker identified in the personal information management database. The person in charge notification function 514 references notification enable 522 in the configuration file 520 to determine whether notification is permitted for the maintenance worker, and if permitted, sends the notification, etc. generated by the target individual report output function 513 to the corresponding client terminal 101. The person in charge notification function 514 also notifies the administrator, etc. at the local base 102 that the maintenance worker has been identified and that a notification (or alert) of the maintenance content has been sent.

The input/output device 506 is composed of input devices such as a mouse, keyboard, or touch panel, and output devices such as a display and speaker. The communication interface 503 is connected to the network 204 (or the inter-base network 206) to carry out communication.

As described above, the target individual identification server 214 can search for time series data containing personal information that corresponds to the search range data sent from the aggregation center 103 to identify the maintenance worker, obtain contact information for the target maintenance worker from the personal information management data, and notify the client terminal 101 of the instructions given by the aggregation center 103.

<Database Server>
6 is a block diagram showing an example of the configuration of the database server 212 of the local base 102. The database server 212 is a computer including a processor 604, a memory 605, a storage device 602, an input/output device 606, and a communication interface 603.

The storage device 602 is composed of a non-volatile storage medium and stores a database access API execution program 601, a personal information management database 611, a time series database 612 containing personal information, a meta database 613, a processed time series database 614, an equipment time series database 615, and a transmitted data type database 616.

The database access API execution program 601 is loaded into memory 605 and executed by the processor 604 to accept access from other servers.

The personal information management database 611 stores personal information of maintenance workers belonging to the local base 102. FIG. 15E is a diagram showing an example of a personal information management table 6110 stored in the personal information management database 611.

The personal information management table 6110 includes, in one record, manID 6111, which stores the identifier of the maintenance worker, name 6112, which stores the name, TEL 6113, which stores the telephone number, and E-Mail 6114, which stores the email address.

The time-series database 612 containing personal information is time-series data in which the identifier of the maintenance worker and a timestamp are added to the work information collected by the web server 211 from the client terminal 101. FIG. 15A is a diagram showing an example of time-series data 6120 containing personal information stored in the time-series database 612 containing personal information.

Time series data 6120 including personal information is made up of manID 6121, which stores the identifier of the maintenance worker, time 6122, 6123, which stores timestamps, machineID 6124, which stores the identifier of the equipment 111, and operation 6125, which stores the work content.

In the example of FIG. 15A, the data shows that a maintenance worker with manID 6121 = "0001" performed replacement work of part P on a device 111 with machineID 6124 = "AS0001" at time 6122 = "1592497249", and the contents of operation 6125 show this data.

The meta database 613 stores information when the work information is acquired, etc. The processed time series database 614 stores processed time series data 6140 that the data linking server 213 has processed from personal information. FIG. 15C is a diagram showing an example of processed time series data 6140 stored in the processed time series database 614.

The processed time series data 6140 is composed of a single piece of data including machineID 6141, 6143 that stores the identifier of the device 111, time 6142 that stores a timestamp, and operation 6144 that stores the work content.

In the example of FIG. 15C, data is shown in which the content of operation 6144 indicates that a part P was replaced at time 6142="1592497249" for device 111 with machine ID 6124="AS0001". The illustrated example shows an example in which the data linking server 213 has filtered man ID 6121, which is personal information.

The equipment time series database 615 is time series data in which an identifier and a timestamp are added to the operation information collected by the web server 211 from the equipment 111. FIG. 15B is a diagram showing an example of equipment time series data 6150 stored in the equipment time series database 615.

The equipment time series data 6150 is composed of a single piece of data including a machine ID 6151 that stores the identifier of the equipment 111, a time 6152 that stores a time stamp, a temperature 6153 that stores the temperature, and a pressure 6154 that stores the pressure.

The input/output device 606 is composed of input devices such as a mouse, keyboard, or touch panel, and output devices such as a display and speaker. The communication interface 603 is connected to the inter-base network 206 to carry out communication.

<Data aggregation server>
7 is a block diagram showing an example of the configuration of the data aggregating server 221 of the aggregation point 103. The data aggregating server 221 is a computer including a processor 705, a memory 706, a storage device 703, an input/output device 707, and a communication interface 704.

The storage device 703 is composed of a non-volatile storage medium and stores the data aggregation program 701 and the database access program 702.

The data aggregation program 701 and the database access program 702 are loaded into the memory 706 and then executed by the processor 705. The data aggregation program 701 registers the processed time series data 6140 received from the local base 102 in the processed time series database 902 of the database server 222. The data aggregation program 701 also registers the equipment time series data 6150 received from the local base 102 in the other data database 904 of the database server 222.

The database access program 702 accesses the database server 222 based on an access request from the data aggregation program 701.

The input/output device 707 is composed of input devices such as a mouse, keyboard, or touch panel, and output devices such as a display and speaker. The communication interface 704 is connected to the network 204 (or the inter-base network 206) to carry out communication.

<Target range specified server>
8 is a block diagram showing an example of the configuration of the target range designation server 224 of the aggregation point 103. The target range designation server 224 is a computer including a processor 805, a memory 806, a storage device 803, an input/output device 807, and a communication interface 804.

The storage device 803 is composed of a non-volatile storage medium and stores the target range specification program 801 and the database access program 802. The target range specification program 801 and the database access program 802 are loaded into the memory 806 and then executed by the processor 805.

The target range specification program 801 includes a target range reception function 811, a corresponding data location confirmation function 812, and a search range data transmission function 813.

The processor 805 operates as a functional unit that provides a specified function by executing processing according to the program of each functional unit. For example, the processor 805 realizes a search range data transmission function 813 by executing processing according to a search range data transmission program included in the target range specification program 801. The same applies to the other programs. Furthermore, the processor 805 also operates as a functional unit that provides each of the functions of multiple processes executed by each program. A computer and a computer system are devices and systems that include these functional units.

The target range reception function 811 of the target range specification program 801 can receive messages such as search conditions for identifying the maintenance worker of the equipment 111 to be maintained and maintenance contents from the input/output device 807. The relevant data location confirmation function 812 receives the search conditions from the target range reception function 811, searches the processed time series database 902 (Figure 9), and determines whether or not there is data that matches the search conditions, thereby determining whether or not the search conditions are valid.

If there is data matching the search conditions in the processed time series database 902, the search range data transmission function 813 of the target range specification program 801 receives, in addition to the received search conditions, maintenance details and messages for the maintenance worker from the input/output device 807. Note that the maintenance details may be set by the analysis server 223 according to the analysis results of the analysis server 223.

Then, the search range data transmission function 813 transmits the data, which is the search criteria plus the message, to the local base 102 as search range data. Note that if the processed time series database 902 does not contain information on the local base A (102-A), the local base B (102-B), etc., the search range data transmission function 813 broadcasts the search range data to each local base 102. An example of the search range data 6130 is shown in FIG. 15D.

The search range data 6130 includes a machineID 6131 that stores the identifier of the device 111, a notification 6132 that stores the notification method, an opMsg 6133 that stores the maintenance details, and a dueDate 6134 that stores the deadline.

In the illustrated example, the maintenance worker in charge of device 111 with machine ID 6131 = "AS0001" is instructed to perform maintenance work by "email", with the notification method being "email", the maintenance content being "restart", and the deadline being "June 21, 2020, 12:00".

The database access program 802 receives an access request from the relevant data location confirmation function 812 and accesses the processed time series database 902.

The input/output device 807 is composed of input devices such as a mouse, keyboard, or touch panel, and output devices such as a display and speaker. The communication interface 804 is connected to the network 204 (or the inter-base network 206) to carry out communication.

<Database Server>
9 is a block diagram showing an example of the configuration of the database server 222 of the aggregation point 103. The database server 222 is a computer including a processor 907, a memory 908, a storage device 905, an input/output device 909, and a communication interface 906.

The storage device 905 is composed of a non-volatile storage medium and stores the database access API execution program 901, the processed time series database 902, the metadata database 903, and the database of other data 904.

The database access API execution program 901 is loaded into a memory 908 and then executed by a processor 907, and receives access from other servers.

The processed time series database 902 is configured similarly to the processed time series database 614 of the database server 212 of the local base 102, and stores the processed time series data 6140 shown in FIG. 15C.

The metadata database 903 stores data required by the aggregation site 103. The other data database 904 stores equipment time series data 6150 transmitted from the local site 102, etc.

The input/output device 909 is composed of input devices such as a mouse, keyboard, or touch panel, and output devices such as a display and speaker. The communication interface 906 is connected to the inter-base network 206 to carry out communication.

Although the internal configuration of the analysis server 223 is not shown, it is configured in the same way as the above-mentioned servers, reads the equipment time series data 6150 from the other data database 904, analyzes the operation information of the equipment 111, extracts the identifiers of the equipment 111 that require maintenance, and displays them on the output device of the input/output device. The analysis server 223 analyzes the equipment time series data 6150 to detect abnormalities or signs of abnormalities. Note that detection of abnormalities or signs of abnormalities in equipment 111 that require maintenance will not be described in detail since it is possible to apply well-known or well-known technology.

<Processing details>
10 is a sequence diagram showing an example of data linking processing performed in the maintenance service system. This processing is started at a predetermined timing by the data linking program 401 of the local base 102, and generates processed time-series data 6140 by performing predetermined processing on personal information from a time-series database 612 containing personal information, and transmits the processed time-series data 6140 to the aggregation base 103.

In the data linking server 213, the data linking program 401 requests the database access program 402 to acquire time-series data 6120 including personal information (S1). The range of data requested can be a range specified by the data handler (or administrator) or a range that has been set in advance.

The database access program 402 requests time series data 6120 including the specified range of personal information from the database server 212 (S2). The database server 212 retrieves time series data 6120 including the requested range of personal information from the time series database 612 including personal information and responds to the database access program 402 (S3), and the database access program 402 responds to the data linkage program 401 with the access result (S4).

The data linkage program 401 uses a preset target algorithm 422 to filter or conceal the personal information in the time series data 6120 that contains personal information, and generates processed time series data 6140 (S5). Using a preset determination logic 423, the data linkage program 401 proceeds to the next step if the processed time series data 6140 does not contain personal information, and ends the process if the processed time series data 6140 contains personal information (S6).

In step S7, the data linking program 401 extracts the data type of the processed time series data 6140 that does not contain personal information, references the transmitted data type database 616, and if it is a type that is being transmitted for the first time, inquires of the data handler (or administrator) via the input/output device 407 whether transmission is possible. The data type is determined, for example, by the items (or fields) included in the processed time series data 6140 or the data format.

When the data handler permits transmission via the input/output device 407 (S8), the data linking program 401 transmits the processed time series data 6140 to the data aggregation server 221 at the aggregation site 103 (S9, S10).

In the data aggregation server 221, the processed time series data 6140 received by the data aggregation program 701 is stored in the processed time series database 902 of the database server 222 (S11).

By the above process, the data linkage program 401 performs a predetermined filtering or concealment on the time series data 6120 containing personal information within the specified range to generate processed time series data 6140, and transmits it to the data aggregation server 221 of the aggregation site 103.

In the database server 222 of the aggregation site 103, the processed time series data 6140 transmitted from each local site 102 is accumulated in the processed time series database 902. As described above, the operation information transmitted from the equipment 111 is also transmitted to the data aggregation server 221 of the aggregation site 103 at a predetermined timing and stored in the other data database 904 as equipment time series data of the database server 222.

Figure 11 is a sequence diagram showing an example of an individual identification request process performed in a maintenance service system. This process is executed when the target individual identification server 214 of the local base 102 receives search range data 6130 from the aggregation base 103.

The target range designation server 224 at the aggregation site 103 transmits the search range data 6130 to the target individual identification server 214 at the local site 102 (S21), and the target individual identification server 214 returns a reception response (S22).

The target individual identification program 501 of the target individual identification server 214 requests data (personal information) that matches the search range data 6130 from the time series database 612 containing personal information from the database server 212 via the database access program 507 (S23, S24).

The database server 212 responds to the target individual identification program 501 via the database access program 507 with personal information that matches the search range data 6130 (S25, S26). For example, the search range data 6130 includes the identifier (machineID6151) of the device 111 and the operation content (operation6144) such as replacement of part P, and the database server 212 outputs manID6121, which is the identifier of the maintenance worker, as personal information that matches this search condition.

The target individual identification program 501 uses the maintenance worker's identifier (manID 6121) obtained from the database server 212 as a search criterion and queries the personal information management database 611 of the database server 212 for contact information (e.g., email address) via the database access program 507 (S27, S28).

The database server 212 obtains the contact information (email 6114) for the specified manID 6121 and responds to the target individual identification program 501 via the database access program 507 (S29, S30).

The target individual identification program 501 sends the maintenance details (opMsg 6133) and deadline (dueDate 6134) contained in the search range data 6130 as a message to the acquired contact (S31). The target individual identification program 501 also reports to the data handler at the local base 102 that the maintenance worker in charge of the device 111 has been notified.

By the above process, the target individual identification server 214 identifies personal information (manID6121) by searching the time series database 612 containing personal information with an identifier (machineID6131) related to the personal information included in the search range data 6130. Then, the target individual identification server 214 can obtain contact information corresponding to the personal information from the personal information management database 611, and notify the maintenance worker in charge of the equipment 111 of the maintenance contents included in the search range data 6130.

Figure 12 is a flowchart showing an example of data linking processing performed at a local base. This processing shows details of the processing executed by the data linking server 213 in Figure 10.

The data linkage program 401 of the data linkage server 213 requests data within the range specified above from the time series database 612 containing personal information of the database server 212 (S41).

The data linking program 401 determines whether data was acquired within a predetermined time from the time series database 612 containing personal information (S42), and if it was acquired, proceeds to step S43, and if it was not acquired, proceeds to step S51. In step S51, the data linking program 401 generates a log of the error occurrence, stores it in the storage device 403, and ends the process.

In step S43, the data linking program 401 uses a preset target algorithm 422 to filter or conceal the personal information in the time series data 6120 containing personal information within a specified range, thereby generating processed time series data 6140.

In step S44, the data linkage program 401 determines whether there is any unprocessed data for filtering or anonymization for the time-series data 6120 containing personal information acquired. If there is any unprocessed data, the program proceeds to step S45. If filtering or anonymization has been completed for all data, the program proceeds to step S46.

In step S45, the data linkage program 401 performs filtering or anonymization on the next data, and then returns to step S44 to repeat the above process. In step S46, the data linkage program 401 loads the previously set judgment logic 423.

In step S47, the data linkage program 401 determines whether or not there is any data in the processed time series data 6140 that has not been subjected to the personal information verification process, and if there is any unprocessed data, the program proceeds to step S52, and if there is no unprocessed data, the program proceeds to step S48.

In step S52, the data linkage program 401 verifies whether personal information is included in the processed time series data 6140. In step S53, the data linkage program 401 determines whether personal information is included in the processed time series data 6140, and if personal information is not included, returns to step S47 and repeats the above process, and if personal information is included, proceeds to step S56.

In step S48, since the processed time series data 6140 does not contain personal information, the data linkage program 401 extracts the data type of the processed time series data 6140 that does not contain personal information, and determines whether the data type has already been sent by referring to the sent data type database 616. If the data type has already been sent, the program proceeds to step S49, and if the data type is to be sent for the first time, the program proceeds to step S54.

In step S54, the data linkage program 401 inquires of the data handler (or administrator) via the input/output device 407 or communication interface 404 whether or not to transmit the processed time series data 6140. In step S55, it is determined whether or not authorization for transmission has been input from the input/output device 407 or communication interface 404, and if authorization has been granted, the program proceeds to step S49, and if authorization has been denied, the program proceeds to step S56.

In step S49, the data linkage program 401 transmits the processed time series data 6140 that does not contain personal information to the aggregation site 103, and in step S50, the data linkage program 401 outputs a transmission log and ends the process.

If the processed time series data 6140 contains personal information or if the transmission is rejected in step S56, the data linkage program 401 outputs a log indicating that the transmission was rejected and ends the process.

Figure 13 is a flowchart showing an example of a target individual identification process performed at a local base. This process shows details of the process executed by the target individual identification server 214 shown in Figure 11.

The target individual identification server 214 at the local base 102 receives the search range data 6130 from the target range designation server 224 at the aggregation base 103 and starts processing (S61).

The target individual identification program 501 of the target individual identification server 214 requests data (personal information) that matches the search range data 6130 from the time series database 612 containing personal information from the database server 212 (S62).

The target individual identification program 501 determines whether data was acquired within a predetermined time from the time-series database 612 containing personal information (S63), and if it was acquired, proceeds to step S65, and if it was not acquired, proceeds to step S64. In step S64, the target individual identification program 501 generates a log indicating that an error occurred when acquiring the time-series database 612 containing personal information, stores the log in the storage device 502, and ends the process.

The target individual identification program 501 determines whether the response from the database server 212 contains personal information that matches the search range data 6130 (S65). If the response contains the relevant personal information, the program proceeds to step S67, and if the response does not contain the relevant personal information, the program proceeds to step S66. In step S66, the target individual identification program 501 outputs a report indicating that there are no relevant targets, and ends the process.

Next, the target individual identification program 501 queries the personal information management database 611 for contact information corresponding to the personal information obtained from the database server 212 (S67). The target individual identification program 501 determines whether the data was obtained from the personal information management database 611 within a predetermined time (S68), and if it was obtained, proceeds to step S70, and if it was not obtained, proceeds to step S69.

In step S69, the target individual identification program 501 generates a log indicating that an error occurred when retrieving data from the personal information management database 611, stores the log in the storage device 502, and then proceeds to step S70.

In step S70, the target individual identification program 501 generates a notification to be sent to the contact information obtained from the personal information management database 611. If the acquisition of the contact information fails, a notification is generated indicating that the acquisition of the relevant contact information failed.

The target individual identification program 501 generates a notification addressed to the acquired contact information using the maintenance details (opMsg 6133) and deadline (dueDate 6134) contained in the search range data 6130 as a message.

The target individual identification program 501 refers to the information in the notification activation 522 in the configuration file 520 to determine whether or not the notification to the identified maintenance worker is valid (S71), and if the notification is valid, proceeds to step S71, and if the notification is invalid, ends the process.

The target individual identification program 501 sends the generated notification to the maintenance worker whose contact information has been identified (S72), and reports to the data handler at the local base 102 that the maintenance worker in charge of the device 111 has been notified.

Figure 14 is a flowchart showing an example of the target range designation process performed at the aggregation site 103. This process is started based on input from a person (or administrator) who operates the input/output device 807 at the target range designation server 224 at the aggregation site 103. The person in charge of the target range designation server 224 obtains the identifiers of the devices 111 requiring maintenance from the analysis results of the analysis server 223.

The target range specification program 801 of the target range specification server 224 receives search target items from the input/output device 807 (S71). The search target items may be selected from the items of the processed time series data 6140.

The target range specification program 801 accepts the value or range of values of the item to be searched as a search condition (S72). The target range specification program 801 searches the processed time series database 902 of the database server 222 using the search condition accepted in step S72.

When the target range designation program 801 receives a response from the database server 222, it determines whether there are search results (processed time-series data 6140) that match the search conditions (S74). If there are search results, the target range designation program 801 proceeds to step S75, and if there are no search results, the program proceeds to step S78 .

In step S78 , the target range designation program 801 inquires via the input/output device 807 whether or not the search conditions should be reset. If the search conditions should be reset, the process returns to step S71 and the above processing is repeated; if not, the process ends.

In step S75, the target range designation program 801 receives a message (maintenance content) to be notified to the maintenance worker identified at the local base 102 based on the above search conditions from the input/output device 807. The message content may include, for example, the maintenance content and the deadline for the work.

In step S76, the target range specification program 801 generates search range data 6130 from the received message and the search conditions, and in step S77, transmits the search range data 6130 to the local base 102.

By performing the above processing, the target range designation server 224 can verify the search conditions required to identify a maintenance worker in the processed time series database 902 that does not contain personal information, generate search range data 6130, and have the local base 102 identify the individual and send a message.

<Administration screen>
16 is a diagram showing an example of a management screen 1700 of the local base 102. This management screen 1700 is displayed on a display (output device) constituting the input/output device 407 of the data linkage server 213, and is a screen for inquiring of the data handler as to whether or not the processed time-series data 6140 of a new data type can be transmitted. The management screen 1700 is output by the processed time-series data transmission authorization function 414 of the data linkage program 401 (steps S54 and S55 in FIG. 12).

The management screen 1700 includes an area 1710 that displays the process of generating processed time series data 6140 by applying a predetermined processing to original data 1740 read from a time series database 612 that contains personal information, an area 1720 that displays the contents of the processed time series data 6140, and a pop-up window 1730 that allows the user to decide whether or not to send the processed time series data 6140.

In the illustrated example, the personal information in the original data 1740 is filtered or concealed using predetermined algorithms 1741 and 1742 on the time series data 6120 containing personal information to generate the processed time series data 6140. This process corresponds to step S45 in FIG. 12.

It also shows that the processed time series data 6140 has gone through judgment 1743 and judgment 1744, and has been subjected to processing 1745, which queries for authorization to transmit. Judgment 1743 is, for example, a judgment of the presence or absence of personal information in step S53 in FIG. 12, and judgment 1744 is a judgment of the first-appearing data type in step S48 in FIG. 12.

In the pop-up window 1730, a data handler or the like who uses the data linking server 213 determines whether or not to transmit the data type of the processed time series data 6140 displayed in the area 1720.

By receiving approval from the data handler for the initial data type, it is possible to confirm that the processed time series data 6140 complies with the restrictions of the local base 102. The approved data type is then registered in the transmitted data type database of the database server 212, and subsequent processed time series data 6140 of the same data type is permitted to be transmitted.

As described above, the maintenance service system of Example 1 collects processed time series data 6140 that does not contain personal information and time series data of the devices 111 from multiple local locations 102 at the aggregation location 103, and first identifies the device 111 to be maintained from the time series data (904) of the device 111.

Next, the aggregation base 103 generates search range data 6130 including search conditions and instructions or messages for identifying the maintenance worker in charge of the equipment 111 to be maintained from the processed time series data 6140 including the identifier of the equipment 111, and transmits the search range data 6130 to the local base 102. Note that if the processed time series data 6140 does not include information for identifying the local base 102, the aggregation base 103 broadcasts the search range data 6130 to the local base 102.

The local base 102 that has received the search range data 6130 searches the time series database 612 that contains personal information using the search conditions of the search range data 6130 to identify the identifier (manID 6121) of the maintenance worker of the device 111. Note that if the search results of the time series database 612 that contains personal information include the identifiers of multiple maintenance workers, the local base 102 can, for example, use the identifier of the maintenance worker in the latest data as the person in charge.

Then, the local base 102 obtains contact information corresponding to the maintenance worker's identifier from the personal information management database 611, and transmits the instructions or messages included in the search range data 6130 to the maintenance worker's client terminal 101.

In this way, the local base 102 of the maintenance service system can identify the maintenance worker who provided personal information based on the search criteria (6130) received from the aggregation base 103 and transmit a message or instructions to the client terminal 101 without transferring the personal information across borders to the aggregation base 103.

In the above embodiment 1, an example was shown in which a personal identifier (manID 6121) was used as the personal information stored in the time series database 612 containing personal information and the time series data 6120 containing personal information, but this is not limited to this and any unique information that can identify an individual may be used.

In addition, in the above embodiment 1, a telephone number (TEL 6113) and an email address (E-Mail 6114) are used as contact information stored in the personal information management table 6110 of the personal information management database 611, but this is not limited to these. For example, any information that can send a message to the client terminal 101 used by the maintenance worker, such as an SNS (Social Network Service) identifier, can be used.

Figure 17 shows a second embodiment of the present invention, and is a block diagram illustrating an overview of a maintenance service system. In this embodiment, instead of the centralized base 103 of the first embodiment, an equipment manufacturing company base (hereinafter, corporate base) 103-A issues maintenance instructions to maintenance workers at local maintenance company bases (hereinafter, local bases) 102-1 to 102-3 that perform maintenance on the company's products operating in each country (Country A to Country C). Note that the configurations of the local base 102 and corporate base 103-A are the same as those of the first embodiment.

In the local bases 102 of each country, the operation information of the equipment 111 (equipment time series data) and the processed time series data 6140 are transmitted to the corporate base 103-A in the same manner as in the first embodiment. The maintenance workers belonging to the local bases 102 of each country register their personal information in the personal information management database 611 in the same manner as in the first embodiment.

In this embodiment, it is permitted that the companies operating the local bases 102 in each country are not part of the same group. In other words, the items and forms in the time-series database 612 that contains personal information are not necessarily the same, and are expected to be different for each local base 102.

For this reason, the items of the processed time series data 6140 generated from the time series database 612 containing personal information at the local base 102 may differ between the local bases 102 in each country, but the identifier of the equipment 111 to be maintained is always included.

The corporate base 103-A identifies the identifier of the equipment 111 to be maintained from the equipment time series data collected from each local base 102, generates search range data 6130 for identifying a maintenance worker from the equipment 111 with this identifier, and transmits it to the local base 102.

The local base 102 in each country searches the time series database 612 containing personal information using the search conditions of the received search range data 6130, obtains personal information (man ID) that matches the search conditions, and obtains contact information from the personal information management database 611.

The items in the time series database 612 containing personal information may differ between the local bases 102 in each country, but the search conditions for the search range data 6130 are generated from the processed time series database 902 for each country.

Therefore, even if the items in the time series database 612 containing personal information differ between the local bases 102 in each country, the corporate base 103-A can generate search range data 6130 regardless of the differences in the time series database 612 containing personal information between the local bases 102 in each country.

As described above, even if the items of the time series database 612 containing personal information and the processed time series data 6140 differ between the local bases 102, the corporate base 103-A can transmit instructions and messages to maintenance workers at the local bases 102 in each country without being affected by the differences in items between the local bases 102.

Figure 18 shows a third embodiment of the present invention, and is a block diagram showing an overview of a notification service system. In this embodiment, the contents of the maintenance service system in the first embodiment are applied to a notification service system. In this embodiment, an example of a service in which organization X, such as a government agency, notifies users of organizations A to C that provide various services of alerts, etc. is shown.

In this embodiment, an example is shown in which organization A provides a social network service (SNS) at service base 102-a, organization B provides a transportation service by public transportation at service base 102-b, and organization C provides map information such as navigation at service base 102-c. The configuration of service bases 102-a to 102-c is the same as that of the local base 102 in the first embodiment.

A user who uses a service at each service base 102 registers personal information in the personal information management database 611 of the service base 102 via the client terminal 101. Note that the user in this embodiment corresponds to the maintenance worker in the first embodiment.

The service center 102 acquires operation information when using the service, adds an identifier for identifying the user to this operation information, generates time series data 6120 including personal information, and stores the data in the time series database including personal information 612. The time series database including personal information 612 includes user attribute information such as age, sex, or residential area.

The service base 102 generates processed time series data 6140 from the time series database 612 containing personal information, and transmits it to the base X 103-a operated by organization X. The processed time series data 6140 applies a predetermined concealment to the attribute information in the time series database 612 containing personal information. For example, this concealment is performed by the service base 102 by converting age into age groups and converting regions into prefecture units, etc. It is also possible to transmit the attribute information to the aggregation base 103 without concealing it.

Base X103-a stores the processed time series data 6140 received from each service base 102 in the processed time series database 902.

When sending a notification such as an alert, base X 103-a sets search conditions and a message (alert or notification) for the attribute information in the processed time-series database 902 to generate search range data 6130. The search conditions are, for example, the region being X prefecture, the age group being 20 to 40 years old, and the message being, for example, infectious disease countermeasures. Base X (103-a) generates search range data 6130 that identifies users to be notified, and transmits it to each service base 102.

Each service center 102 searches the time series database 612 containing personal information using the search conditions of the received search range data 6130, obtains personal information (man ID) that matches the search conditions (attribute information), and obtains contact information from the personal information management database 611. The service center 102 can send a message to the client terminal 101 of the obtained contact information.

In this way, in this embodiment, organization X, such as a government agency, includes attribute information of the user to whom a message such as an alert is to be transmitted in search range data 6130, and transmits the data to a service center 102 having a time-series database 612 that includes personal information.

The service center 102 can extract personal information by searching the time series database 612 containing personal information from the personal information management database 611 using search criteria including attribute information, and can then search the personal information management table 6110 using the extracted personal information to obtain contact information and send a message to the client terminal 101.

As described above, in this embodiment, the service center 102 can identify individuals using search criteria received from the center X (103-a) and transmit messages such as alerts and instructions without transferring personal information across borders to the center X (103-a).

<Conclusion>
As described above, the information processing systems (maintenance service system, notification service system) of the first to third embodiments can be configured as follows.

(1) An information processing system having a first computer (data linking server 213, target individual identification server 214) operating at a first base (local base 102), a second computer (data aggregation server 221, analysis server 223, target range designation server 224) operating at a second base (aggregation base 103), and a client terminal (101) connected to the first computer, wherein the first computer (213, 214) holds personal management information (personal information management table 6110) including a user identifier (manID 6111) and contact information (E-mail 6114) as personal information of a user (maintenance worker) who uses the client terminal (101), acquires operation information of the client terminal (101), generates personal time series information (time series data including personal information 6120) by adding the user's personal information (6111) and time to the operation information, and The information processing system performs a predetermined concealment on the personal information (6121) of the first computer (6120) to generate processed time series information (processed time series data 6140), and transmits the processed time series information (6140) to the second computer, the second computer (221, 223, 224) receives the processed time series information (6140) from the first computer, generates search range information (search range data 6130) from search conditions for the processed time series information (6140) for identifying the user at the first location and a message to be transmitted to the user at the first location, and transmits the search range information (6130) to the first computer, and when the first computer receives the search range information (6130) from the second computer, searches for personal time series information (6120) including the personal information (6121) using the search conditions of the search range information (6130) to identify the user.

With the above configuration, the local base 102 can identify the maintenance worker who provided personal information using the search criteria (6130) received from the aggregation base 103 without transferring the personal information across borders to the aggregation base 103.

(2) The information processing system described in (1) above, wherein the first computer acquires personal information (6121) of the identified user from the personal time series information (6120), acquires the contact information of the user corresponding to the personal information (6121) from the personal management information (6110), and transmits the message included in the search range information (6130) to the contact information.

With the above configuration, the local base 102 can search the personal information management table 6110 for the identified personal information to obtain contact information, and then send a message to the client terminal 101 of the maintenance worker (user).

(3) In the information processing system described in (1) above, the first computer collects operation information of the equipment (111) operating at the first base and an identifier (machine ID 6151) of the equipment (111) as equipment time series information (equipment time series data 6150) and transmits it to the second computer, and generates processed time series information (6140) including an identifier (6121) of a user who performed maintenance on the equipment (111) and an identifier of the equipment (111) to be maintained as the operation information of the client terminal (101), and anonymizes the identifier of the user as personal information (6121), and the second computer analyzes the equipment time series information (6150) received from the first computer. and identifying an identifier (6151) of the equipment (111) to be maintained, generating search conditions for searching the identifier (6151) of the identified equipment (111) from the processed time-series information (6140) that does not include the personal information (6121), generating the maintenance details of the equipment (111) to be maintained as a message (6133), generating the search range information (6130) from the search conditions and the message, and the first computer searches for personal time-series information (6120) including the personal information (6121) using the search conditions of the search range information (6130) received from the second computer to identify the user and the equipment (111) to be maintained.

With the above configuration, the aggregation site 103 generates search range data 6130 including search conditions and instructions or messages for identifying the maintenance worker in charge of the equipment 111 to be maintained from the processed time series data 6140 including the identifier of the equipment 111, and transmits it to the local site 102. The local site 102 that receives the search range data 6130 can identify the identifier (manID 6121) of the maintenance worker of the equipment 111 using the search conditions of the search range data 6130 in the time series database 612 including personal information.

(4) An information processing system according to (3) above, characterized in that the first computer searches for personal time-series information (6120) including personal information (6121) in search range information (6130) including an identifier (machine ID 6151) of the device (111) to obtain the personal information (6121), obtains a contact from personal information management information (6110) using the personal information (6121) in the search results, and sends a message included in the search range information (6130) to the contact (6114).

With the above configuration, the local base 102 obtains contact information corresponding to the maintenance worker's identifier from the personal information management database 611 and transmits instructions or messages contained in the search range data 6130 to the maintenance worker's client terminal 101.

(5) The information processing system described in (2) above, wherein the first computer generates the personal time series information (6120) including the user's attribute information in addition to the user's identifier (6121), and generates processed time series data by anonymizing the user's identifier as personal information (6121), the second computer generates search range information (6130) by specifying a target to which the message is to be sent using the attribute information, and the first computer searches the personal time series information (6120) using search conditions in the search range information (6130) including the attribute information to obtain personal information (6121) and identify the user to whom the message is to be sent.

With the above configuration, organization X, such as a government agency, sends the attributes of a user to whom a message such as an alert is to be transmitted as search range data 6130 to a service center 102 having a time series database 612 containing personal information, and the service center 102 can obtain contact information from the personal information management database 611 and send a message to the client terminal 101 of a user who has specific attribute information.

(6) The information processing system described in (1) above, wherein the first location (102) and the second location (103) belong to different countries or organizations, and the first computer inquires whether or not to transmit the processed time series information (6140) if the processed time series information to be transmitted is a data type that has appeared for the first time.

With the above configuration, if the processed time series data 6140 is a data type that has never been seen before, it is possible to confirm that the processed time series data 6140 complies with the restrictions of the local base 102 by obtaining approval from the data handler.

The present invention is not limited to the above-described embodiments, but includes various modified examples. For example, the above-described embodiments are described in detail to clearly explain the present invention, and are not necessarily limited to those having all of the configurations described. It is also possible to replace part of the configuration of one embodiment with the configuration of another embodiment, and it is also possible to add the configuration of another embodiment to the configuration of one embodiment. In addition, the addition, deletion, or replacement of part of the configuration of each embodiment with other configurations can be applied alone or in combination.

The above configurations, functions, processing units, and processing means may be realized in part or in whole in hardware, for example by designing them as integrated circuits. The above configurations and functions may be realized in software by a processor interpreting and executing a program that realizes each function. Information on the programs, tables, files, etc. that realize each function may be stored in a memory, a recording device such as a hard disk or SSD (Solid State Drive), or a recording medium such as an IC card, SD card, or DVD.

In addition, the control lines and information lines shown are those considered necessary for the explanation, and not all control lines and information lines on the product are necessarily shown. In reality, it can be assumed that almost all components are interconnected.

<Additional Information>

Representative aspects of the present invention other than those described in the claims include the following:

＜16＞
A storage medium having a processor and a memory and storing a program for controlling a computer operating at a first location,
a personal management information holding step of holding personal management information including an identifier and contact information of a user as personal information of the user who uses the client terminal;
a personal time-series information generating step of acquiring operation information of the client terminal and generating personal time-series information by adding personal information and time of the user to the operation information;
a processed time-series information transmitting step of generating processed time-series information by performing a predetermined concealment on the personal information of the personal time-series information and transmitting the processed time-series information to the second computer;
a search range information receiving step of receiving the search range information from the second computer;
a user identification step of searching for personal time-series information including the personal information under search conditions of the search range information to identify the user;
A non-transitory computer-readable storage medium storing a program for causing the computer to execute the above.

101 Client terminal 102-A, 102-B Local base 103 Aggregation base 211-A, 211-B Web server 212-A, 211-B Database server 213-A, 213-B Data linking server 214-A, 214-B Target individual identification server 221 Data aggregation server 222 Database server 223 Analysis server 224 Target range designation server 611 Personal information management database 612 Time series database including personal information 613, 903 Metadata database 614, 902 Processed time series database 615 Equipment time series database 616 Transmitted data type database 6120 Time series data including personal information

Claims (15)

An information processing system having a first computer operating at a first location, a second computer operating at a second location, and a client terminal connected to the first computer,
The first computer includes:
retaining personal management information including a user identifier and contact information as personal information of a user who uses the client terminal, acquiring operation information of the client terminal, generating personal time-series information by adding the personal information of the user and a time to the operation information, performing a predetermined concealment on the personal information of the personal time-series information to generate processed time-series information, and transmitting the processed time-series information to the second computer;
The second computer comprises:
receiving processed time series information from the first computer;
generating search range information from a search condition for the processed time-series information for identifying the user at the first location and a message to be transmitted to the user at the first location, and transmitting the search range information to the first computer;
The first computer includes:
an information processing system, when receiving the search range information from the second computer, searching personal time-series information including the personal information using search conditions of the search range information to identify the user; 2. The information processing system according to claim 1,
The first computer includes:
An information processing system characterized by obtaining personal information of the identified user from the personal time series information, obtaining the contact information of the user corresponding to the personal information from the personal management information, and sending the message included in the search range information to the contact information. 2. The information processing system according to claim 1,
The first computer includes:
Collecting operation information and identifiers of devices operating at the first site as device time-series information and transmitting the information to the second computer;
generating processed time-series information including an identifier of a user who performed maintenance on the device and an identifier of the device to be maintained as the operation information of the client terminal, and anonymizing the identifier of the user as personal information;
The second computer comprises:
analyzing the equipment time-series information received from the first computer to identify an identifier of an equipment to be maintained, generating search conditions for searching the identifier of the identified equipment from the processed time-series information not including personal information, generating maintenance details of the equipment to be maintained as a message, and generating the search range information from the search conditions and the message;
The first computer includes:
an information processing system for identifying the user and the equipment to be maintained by searching personal time-series information including the personal information using search conditions of the search range information received from the second computer; 4. The information processing system according to claim 3,
The first computer includes:
An information processing system characterized by searching for personal time-series information including personal information using search range information including an identifier of the device to obtain the personal information, obtaining contact information from personal information management information using the personal information in the search result, and sending a message included in the search range information to the contact information. 3. The information processing system according to claim 2,
The first computer includes:
generating the personal time-series information including attribute information of the user in addition to the identifier of the user, and generating processed time-series information by concealing the identifier of the user as personal information;
The second computer comprises:
generating search range information by specifying a target to which the message is to be sent using the attribute information;
The first computer includes:
The information processing system searches the personal time-series information under search conditions of search range information including the attribute information, acquires personal information, and identifies the user who will send the message. 2. The information processing system according to claim 1,
The first base and the second base belong to different countries or organizations;
The first computer includes:
An information processing system characterized in that, when the processed time-series information to be transmitted is of an initial appearance type, an inquiry is made as to whether or not the information can be transmitted. 1. An information processing method for transmitting a message, comprising: a first computer operating at a first location; a second computer operating at a second location; and a client terminal connected to the first computer, the method comprising:
a personal management information holding step in which the first computer holds personal management information including an identifier and contact information of a user who uses the client terminal as personal information of the user;
a personal time-series information generating step in which the first computer acquires operation information of the client terminal and generates personal time-series information by adding personal information of the user and time to the operation information;
a processed time-series information transmitting step in which the first computer generates processed time-series information by performing a predetermined concealment on the personal information of the personal time-series information and transmits the processed time-series information to the second computer;
a processed time series information receiving step in which the second computer receives processed time series information from the first computer;
a search range information transmission step in which the second computer generates search range information including a search condition for the processed time-series information for identifying the user at the first location and a message to be transmitted to the user at the first location, and transmits the search range information to the first computer;
a search range information receiving step in which the first computer receives the search range information from the second computer;
a user identification step in which the first computer searches personal time-series information including the personal information under a search condition of the search range information to identify the user;
13. An information processing method comprising: 8. An information processing method according to claim 7,
a personal information acquisition step in which the first computer acquires personal information of the specified user from the personal time-series information;
a contact information acquisition step in which the first computer acquires the contact information of the user corresponding to the personal information from the personal management information;
a message sending step of the first computer sending the message included in the search range information to the contact;
The information processing method further comprising: 8. An information processing method according to claim 7,
an equipment time-series information transmission step in which the first computer collects operation information and identifiers of equipment operating at the first site as equipment time-series information and transmits the information to the second computer;
an equipment time-series information analysis step in which the second computer analyzes the equipment time-series information received from the first computer to identify an identifier of an equipment to be maintained;
Further comprising:
In the individual time-series information generating step,
generating personal time-series information including an identifier of a user who performed maintenance on the device and an identifier of the device to be maintained as the operation information of the client terminal;
In the search range information transmission step,
generating search conditions for searching for an identifier of the specified device from the processed time-series information not including the personal information, generating maintenance details of the device to be maintained as a message, and generating the search range information from the search conditions and the message;
In the user identification step,
An information processing method comprising the steps of: searching personal time-series information including said personal information using search conditions of said search range information received from said second computer; and identifying said user and equipment to be maintained. 10. The information processing method according to claim 9,
In the user identification step,
An information processing method characterized by searching for personal time-series information including personal information using search range information including an identifier of the device to obtain the personal information, obtaining contact information from personal information management information using the personal information in the search result, and sending a message included in the search range information to the contact information. 9. The information processing method according to claim 8,
In the individual time-series information generating step,
generating the personal time-series information including attribute information of the user in addition to the identifier of the user;
In the processed time-series information transmitting step,
The identifier of the user is concealed as personal information to generate processed time-series information;
In the search range information transmission step,
generating search range information by specifying a target to which the message is to be sent using the attribute information;
In the user identification step,
The information processing method includes searching the personal time-series information under search conditions of search range information including the attribute information, acquiring personal information, and identifying the user who will send the message. 8. An information processing method according to claim 7,
The first base and the second base belong to different countries or organizations;
The information processing method further comprises a step of inquiring whether or not the processed time-series information to be transmitted is of an initial appearance type by the first computer. A computer having a processor and a memory and operating at a first location,
The processor holds personal management information including a user's identifier and contact information as personal information of a user who uses a client terminal, acquires operation information of the client terminal, generates personal time series information by adding the personal information of the user and a time to the operation information, performs a predetermined concealment on the personal information of the personal time series information to generate processed time series information, transmits the processed time series information to a second computer, and, upon receiving search range information from the second computer, searches for the personal time series information including the personal information using the search conditions of the search range information to identify the user. 14. The computer of claim 13,
The processor is characterized by obtaining personal information of the identified user from the personal time series information, obtaining the contact information of the user corresponding to the personal information from the personal management information, and sending a message included in the search range information to the contact information. 14. The computer of claim 13,
The processor collects operation information and identifiers of devices operating at the first site as device time-series information and transmits the information to the second computer;
the processor generates processed time-series information including an identifier of a user who performed maintenance on the device and an identifier of the device to be maintained as the operation information of the client terminal, and anonymizes the identifier of the user as personal information;
The processor searches for personal time-series information including the personal information using search conditions of the search range information received from the second computer, thereby identifying the user and the equipment to be maintained.

Images